Forum Academy Marketplace Showcase Pricing Features

[Breaking Change] Login Failure Messages

Hi all,

We will be deploying a breaking change with a new Bubble Version shortly. Currently, we display two messages for login failures. One if the email does not exist and another if the password is incorrect. In the new Bubble version, we will follow the industry best practice of only showing one error code and message when either the wrong email or password is used. In the interest of security, we highly recommend updating to this version at your earliest convenience.

Note: This breaking change will affect the usage of Current Workflow Error’s message in workflows that rely on the old status codes of NO_SUCH_USER and WRONG_PASSWORD. The new Bubble version will only return a single INVALID_LOGIN_CREDENTIALS code and message when login has failed.

We’ve included an additional small, but important security fix in this new Bubble Version. If a user tries to reset the password of an email that does not exist, Bubble will simply not send an email rather than alerting the user that the email address does not exist.

Let us know if you have any questions. Happy Bubbling!

26 Likes

Thank you! This is great. :blush: Thanks for listening to our requests.

@j805 www.NoCodeMinute.com

For All Your No-Code Education Needs:

  • One-on-One Tutoring
  • eLearning Hub
  • Video Tutorials
1 Like

Love this!

1 Like

Great! :+1:t2:

Please, let me know if there’s a mistake in the following sentence:

If a user tries to reset the password of an email that does exist, Bubble will simply not send an email rather than alerting the user that the email address does not exist.

if the email does exist or doesn’t exist? If the email does exist I assume Bubble has to send the reset password email.
Thanks.

Good catch. It was supposed to be an email that does not exist. I’ve updated the original post. Thanks for pointing it out!

1 Like

Thank you!!

Thanks for this change, this is something we were hoping for to improve our apps’ security.

Could the error message be changed slightly? It is “We didn’t find an account with those login credentials [email protected]”, which may confuse users into thinking that their account was deleted or no longer exists. “We were not able to log into an account with those login credentials” could be clearer without telling the user whether the account exists or not.

@andersan You can change the message to whatever works best for your app! In the editor, go to the Settings, then Languages tab. Here, you’ll find text fields to change many of the messages your app shows. If you scroll to the bottom, you’ll see the new message.

2 Likes

Awesome

@jonah
Hi, is it at all possible to completely bypass Bubble’s login error messaging and come up with my own pop-up with a format that matches my own branding /color scheme etc.?

Thanks

Yep! You can catch the error and add custom behavior with a An unhandled error occurs event where Only when is for a login failure message.